I have had an email from a colleague warning about a scam involving scallywags using SilverStripe sites that are in dev mode. From reading the documentation I think that my site is in live mode (the Director::set_environment_type("dev") directive is not set and it is not running on localhost). But is there a way that I can be sure? I do see some slightly alarming options when I look at the /dev/folder on my site, without authenticating as admin.
You can tell if your site is in live mode by logging out entirely then trying to do any of the developer tasks. Eg go to yoursite.com/dev/build. If it is in live mode you should be prompted for a password before you are allowed to rebuild the database. If you aren't asked for a password to do that you are either a) still logged in :) or b) not in live mode.
Or if you want to be a bit more certain you could add something like this in your _config file to just test it out (remove it afterwards)
Which should give you a blank screen with either 'live', 'test', 'dev' or nothing.
Hi - I have a site which is launching TODAY and I have just tried putting it in "Live" mode using: Director::set_environment_type("live"); in my _config.php.
But, I can still access /dev/build without being logged in! I tried putting your code in Willr and the pages came out saying "live". Any idea why it's still letting anyone at dev/build without needing a password?